An electronic signature is used to verify the validity of electronic data provided via a network, such as an e-mail, a Web page or the like. Specifically, a sender A of electronic data generates an electronic signature of the electronic data with a private key, attaches the electronic signature to the e-mail, and sends the e-mail. A recipient B of the electronic data decrypts the electronic signature with the public key paired with the private key, and authenticates that the electronic data was created by the sender A by verifying that the decryption result is equal to the hash value of the electronic data.
However, the public key corresponding to the private key is easily obtained by a third party. Such a third party may also obtain the private key from the public key by performing a considerable amount of calculation. Therefore, the likelihood of malicious use of the private key increases as time passes, because the private key may become known to people other than the sender A.
Therefore, it is often standard practice to set a valid term for paired keys (a private key and a public key) and to exclude from use any paired keys whose valid term has expired. For example, electronic data signed with an electronic signature whose valid term has expired is automatically removed because the electronic data may have been made by a person pretending to be the valid sender A.
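The sign, verify and valid-term check described above can be sketched as follows. This is an added example, not part of the original text: it uses textbook RSA without padding on a constructed toy key, and the names `sign`, `verify`, `digest` and `PUBLIC_KEY` as well as the dates are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timezone

# Constructed toy key pair for sender A: two Mersenne primes give a ~92-bit
# modulus, far too small for real use (assumption for illustration only).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to A

UTC = timezone.utc
# What recipient B holds: the public key plus its valid term (constructed dates).
PUBLIC_KEY = {
    "n": N, "e": E,
    "not_before": datetime(2024, 1, 1, tzinfo=UTC),
    "not_after": datetime(2024, 12, 31, tzinfo=UTC),
}

def digest(data: bytes, n: int) -> int:
    """Hash value of the data, reduced so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes) -> int:
    """Sender A: apply the private key to the hash value."""
    return pow(digest(data, N), D, N)

def verify(data: bytes, signature: int, key: dict, now: datetime) -> str:
    """Recipient B: check the valid term first, then compare with the hash."""
    if not key["not_before"] <= now <= key["not_after"]:
        return "rejected: key outside valid term"
    if pow(signature, key["e"], key["n"]) != digest(data, key["n"]):
        return "rejected: signature mismatch"
    return "accepted"

if __name__ == "__main__":
    mail = b"Quarterly report attached."  # constructed sample message
    sig = sign(mail)
    print(verify(mail, sig, PUBLIC_KEY, datetime(2024, 6, 1, tzinfo=UTC)))
    print(verify(mail + b"!", sig, PUBLIC_KEY, datetime(2024, 6, 1, tzinfo=UTC)))
    print(verify(mail, sig, PUBLIC_KEY, datetime(2025, 6, 1, tzinfo=UTC)))
```

The third call carries a mathematically valid signature and is still rejected, because the valid-term check runs before the signature comparison.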